This topic introduces features and functions of the Services System view.
The Services System view provides a services summary for NetWitness Suite Core services and some other services, for example Reporting Engine.
The summary information for NetWitness Suite Core services (Broker, Concentrator, Decoder, and Log Decoder) is similar, including information about:
- Appliance Service
- Service user information
- Host user information
- License information
- Session information
The toolbar for NetWitness Suite Core services is also similar. The options provide a way to run command-line host tasks, control services and hosts, and other service-specific tasks such as uploading packet capture or log files to a service.
This workflow shows the tasks you perform from the System view.
|Role||I want to ...|
|Administrator||Log Collector Only - Start or stop log collection protocol.|
|Administrator||Archiver, Broker, and Concentrator Only - Configure Group Aggregation.|
The following example shows you how to use the System view for a Decoder. The System view for all the services provide you with the same information for each service except for the toolbar at the top.
IPDB Extractor Toolbar
Log Decoder Toolbar
Archiver, Broker, and Concentrator Toolbar
Services Without a Toolbar
Event Stream Analysis
Select a Service.
Perform System View Tasks
|1||View basic information for a service.|
|2||Start, stop or restart a service.|
|3||Reboot a service.|
|4||Shutdown Appliance service running on this host.|
|5||Execute a task from the Host Task List.|
View users connected to a service.
Kill a user connection to a service.
|8||Decoder and Log Decoder Only - Start or stop capture.|
|9||Log Collector Only - Start or stop log collection protocol.|
|10||Archiver, Broker, and Concentrator Only - Configure Group Aggregation.|
|11||Decoder Only - Upload a packet capture file.|
|12||Log Decoder Only - Upload log file.|
This section describes common features for NetWitness Suite Core service types.
- Features specific to Brokers and Concentrators are described in the Services System View - Broker topic in the Broker and Concentrator Configuration Guide.
- Features specific to Decoders and Log Decoders are described in .
Services Without a Toolbar
Event Stream Analysis
This table describes the Services System View toolbar options common to all Core services.
|Host Tasks||Displays the Host Task List dialog, which provides a way to run command-line host tasks from a selection list. See for detailed information.|
|Shutdown Service||Shuts down and restarts the service for a Decoder, Log Decoder, Broker, or Concentrator.|
|Shutdown Appliance Service||Stops all services running on the host, then shuts down and restarts the appliance service for a Log Decoder, Log Decoder, Broker, or Concentrator.|
|Reboot||Shuts down and restarts the host on which the Core services are running.|
The toolbar in the System view for the Decoder and Log Decoder services also contains the following commands.
|Upload Packet Capture File|| |
Displays a dialog that provides a way to select a packet capture (.pcap) file for upload to the selected Decoder. For more information, see the Upload Packet Capture File topic in the Decoder and Log Decoder Configuration Guide.
Note: This option does not apply to Log Decoders.
|Upload Log File|| |
Displays a dialog that provides a way to select a log (.log) file for upload to the selected Log Decoder. For more information, see the Upload Log File to a Log Decoder topic in the Decoder and Log Decoder Configuration Guide.
|Start/Stop Capture|| |
Starts packet capture on the selected Decoder. When packet capture is in progress, the option in the toolbar changes to Stop Capture, and the option to upload a file is unavailable.
The toolbar in the System view for the Archiver, Broker, and Concentrator services has commands that start or stop group aggregation after you configure it.
|Start Aggregation||Stops group aggregation.|
|Stop Aggregation|| |
Starts group aggregation.
Services Summary Information
The top section of the Services System view summarizes information about the selected service. This applies to all Core service types: Decoders, Brokers, Concentrators, and Log Decoders.
|Service and Appliance Service Information||This Includes the service name, service version, memory usage in megabytes, memory usage as a percentage of total memory, the time and date the service started running, the duration of time the service has been running, and the current time.|
|Service and Host User Information||Displays users who have access to this service and the user role to which they belong.|
|License Information||Displays the computer ID for the service and the licenses installed for that ID. |
Session Information Grid
The bottom section of the Services System view provides a list of active sessions. In this view, you can:
- End a session
- End an active query
This table describes the Session Information grid columns.
|Session||The ID for the session. Clicking the session ID displays a dialog with the option to kill the session. You can approve the action or cancel the action.|
|User||The name of the session owner.|
|IP Address||The IP address of the service where the session is running.|
|Login Time||The time the user logged in.|
|Active Queries||The count of active queries. Clicking a non-zero count displays a dialog in which you can stop execution of a query.|